I've been having an issue with folder redirection and offline files I've not been able to get to the bottom of. I'm using a win2k8r2 ent server and win7 clients.

Here's the issue.

I have a DFS setup on the server shared through a network mapping of N:\, aswell as being accessible by UNC paths, i.e \\domain\data\video, music and so on. Now obviously I don't want offline files enabled on these as they are huge directories, and it's just not needed. But when I enable folder redirection offline files kicks in automatically on client machines.

Obvious thing to do, disable it by GPO, but that's not an option.

Along with having folder redirection setup for Music,Video,Pictures & Downloads, I've also enabled it for all the other redirects aswells, all redirecting to \\domain\user\"username"\"redirect" using the GPO setting for folder for each user under root. Now those I do want offline enabled on to make roaming possible for items like AppData, Favorites, Start Menu, etc.

Now here's the question. How do I on the one hand disable offline for some redirected folders, those under \\domain\data and leave it enabled for others, those under \\domain\user.

I've tried just about every configuration of the Offline Files GPO for both user and computer, and also the folder redirect settings aswell. Short of doing it on every client machine, which is not an option, I can't see a way around it. Anyone tried to do a config like this before?

Any and all help appreciated, Cheers.

BuckRogers25

EDIT: Oh and I also tried an "exclude offline on these directories" through the GPO, only seems to work with XP and not Win7.

Sorry for the late posting. I finally got to the bottom of this, and was a combination of settings required in the end. I'll outline what's needed and then tell you all the mishaps I went through *sighs*.

Before I start I have two main GPOs, a Computer settings only GPO, and a user setting only GPO. I'll refer to these below.

+Folder Redirection for all other Folders with the following settings applied under user GPO only
-\\domain\user\%username% using advanced directory type
-Grant user exclusive rights, disabled
-Move contents to new location (this depends on if you have blank profile, I would disable if you do and manually transfer, had a hicup where I lost a profile from one machine due to this)
-Apply to 2003 and earlier, enabled
-Policy removal behavior, leave contents (important or you will run into big sync times at first logon/logoff)

+DFS Folders and Sharing settings
This warrants some explanation before I explain the details. One of the biggest issues here was syncing areas I didn't want synced. And the easiest way to resolve that, caching setting on the sub-folders of the dfs root share! Was so obvious in the end but there's almost no literature on it out there. Go to the sharing tab of the subfolder, downloads say, advanced sharing, caching, and set it to not available.
-\\domain\data\"shared folders", set to no caching
-\\domain\home, set to no caching at root of home share
-\\domain\user, set to allow caching at root of user share (could expand on this further if you are using branchcache, but I don't need it for this particular situation)

That is all the settings you should need to make this work. If you aren't using DFS this will work to, but you will have to adjust your shares one by one, and change drive mappings.

Now for the tales of Wo, getting to this stage was ... a trial!

Firstly offline cache and old GPO settings on local machines are an issue when insituting this. BUT, be careful not to clear these until after you have institued the policy. You will need three things here.
+RegKey1, FormatDatabase for offline files in Windows 7
-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CSC\Parameters, add a DWORD registry entry of FormatDatabase with a value of 1
+RegKey2, FormatDatabase for offlines files in 2003 and earlier, XP, etc
-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\NetCache, add a DWORD registry entry of Format Database with a value of 1
+Regedit to remove all GPO entries
-Use regedit to remove all ID keys from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy , so anything with a domain ID, S-1-5-121... ,etc, and all groups listed under the group membership key, leave the rest

If you already have local profiles on more than one machine, I recomend you pick the most complete profile and back it up, then after logging on for the first time copy it across to your \\domain\user\"username" folder. This saves a lot of grief pushing files back and forth.

This is about all you need to make this work. I'd be lying if I said it's easy, but I'd definetly say it's worth it in my situation.

One more thing, and this is one everyone should be careful of.

I ran into a nasty where I accidentally left the "move folder contents" enabled on the GPO for pictures folder redirection, and found it moved all my pictures from the network share, into a users local profile then deleted the original. This was down to folder redirection I'm afraid, I tested the same with my Video folder and it began moving it to the user folder. Folder redirection on shared folders should most definetly never be used. Only use it for folders that are one user specific, or use registry keys instead and leave the relevant entry not configured, much much easier.

I actually lost my entire photos directory cause of this, including a load of pictures of my late mother. Had a major panic attack when I realised what had happened. It moved them all into a user my pictures dir, which I deleted whilst clearing up, before realising it had done it. Luckily a deep scan recovery of a machine that had synced the folders (even though I'd cleared the cache with FormatDatabase), found most of them, and the rest I managed to deep scan from the RAID 6 array, and I was able to recover them all!

Never underestimate the power of Recuva and a deep scan, or windows GPOs ability to make life more complicated than it needs to be :).

Thanks to Rune for providing some useful input throughout this ordeal, and I hope people find some of this info useful. It certainly not a situation I've been able to find documentation on elsewhere.

Agree with Rune, little confused. If you are trying to re-direct the users documents folders without including all the other stuff like My music and what not, then you can do this through group policy.

On the server 2008 box open up the group policy manager, right click and choose edit for the policy you are applying this to. In the left hand side navigate to

User Configuration>Administrative Templates>System>User Profiles

In the right hand pane double click on "Exclude Directories in roaming profile". from here you can now select multiple folders to exclude.

This is typically how it would be done, unless I missunderstood what you are trying to achieve here.

If the above settings do not work, then there is a problem with the GPO being applied and you will need to investigate that further either on the client side runnign from a command prompt gpresult -h C:\test.html which will creat an html file called test in the root of C of all the policies being applied or any errors being seen when applying.

Their music, video, etc, is actually all mine, this is my home testbed, just me, my fiance and a few friends and neighbours using it :). So personal files are kind of the whole point.

Can think of one or two corporate scenarios I might use this in to, but it would be a rare instance this would be needed in a corporate environment. Maybe a graphics design or video editing house.

Currently everything is accessible by N:\Video for example through DFS and a GPO drive mapping to \\domain\data DFS root that is applied to all domain users, along with an H:\ drive mapping applied through the user profile, DFS of \\domain\home\"user". Lastly \\domain\user\"user" is the target for user profile/roaming data.

The reason for including the folder redirection, is really to make it bomb proof, to stop anyone from storing data locally on their machines. Obviously I could just remove access to the local directories and remove the start menu entries that point there, but folder redirection seems a much nicer way to do it. For the ... technically challenged shall we say, they won't need re-educating, just go to start->video will save a lot of time.

Also means I can use windows environment variables for a few things without having to use full UNC paths or drive mappings, both of which I could change a couple of years down the line. Again bomb proof, even if I do change something server side, say redo the DFS namespaces or start clustering, I won't have to do anything to the client GPO.

As far as jamming stuff up, the server running this has a bonded 4gb conn and a RAID 6 12 TB array in it, space and speed really aren't an issue right now :).

Tried gpresult already, nothing there. Erased the GPO and rebuilt just to be sure to.

Hadn't thought about user profile directory exclusion. That could be worth ago, not sure if it will work as I still don't know where the interaction between folder redirection and offline files is coming from. I'll give it a go and post later. TY.

Think your probably right on the money there with the reg settings Rune. I've done another test GPO and setup a clean VM and user account to test this out on. Run out of time today to finish testing, but I'll be sure to test it out over the weekend and post my results back. Thanks again guys.

Sorry for the late posting. I finally got to the bottom of this, and was a combination of settings required in the end. I'll outline what's needed and then tell you all the mishaps I went through *sighs*.

Before I start I have two main GPOs, a Computer settings only GPO, and a user setting only GPO. I'll refer to these below.

+Folder Redirection for all other Folders with the following settings applied under user GPO only
-\\domain\user\%username% using advanced directory type
-Grant user exclusive rights, disabled
-Move contents to new location (this depends on if you have blank profile, I would disable if you do and manually transfer, had a hicup where I lost a profile from one machine due to this)
-Apply to 2003 and earlier, enabled
-Policy removal behavior, leave contents (important or you will run into big sync times at first logon/logoff)

+DFS Folders and Sharing settings
This warrants some explanation before I explain the details. One of the biggest issues here was syncing areas I didn't want synced. And the easiest way to resolve that, caching setting on the sub-folders of the dfs root share! Was so obvious in the end but there's almost no literature on it out there. Go to the sharing tab of the subfolder, downloads say, advanced sharing, caching, and set it to not available.
-\\domain\data\"shared folders", set to no caching
-\\domain\home, set to no caching at root of home share
-\\domain\user, set to allow caching at root of user share (could expand on this further if you are using branchcache, but I don't need it for this particular situation)

That is all the settings you should need to make this work. If you aren't using DFS this will work to, but you will have to adjust your shares one by one, and change drive mappings.

Now for the tales of Wo, getting to this stage was ... a trial!

Firstly offline cache and old GPO settings on local machines are an issue when insituting this. BUT, be careful not to clear these until after you have institued the policy. You will need three things here.
+RegKey1, FormatDatabase for offline files in Windows 7
-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CSC\Parameters, add a DWORD registry entry of FormatDatabase with a value of 1
+RegKey2, FormatDatabase for offlines files in 2003 and earlier, XP, etc
-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\NetCache, add a DWORD registry entry of Format Database with a value of 1
+Regedit to remove all GPO entries
-Use regedit to remove all ID keys from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy , so anything with a domain ID, S-1-5-121... ,etc, and all groups listed under the group membership key, leave the rest

If you already have local profiles on more than one machine, I recomend you pick the most complete profile and back it up, then after logging on for the first time copy it across to your \\domain\user\"username" folder. This saves a lot of grief pushing files back and forth.

This is about all you need to make this work. I'd be lying if I said it's easy, but I'd definetly say it's worth it in my situation.

One more thing, and this is one everyone should be careful of.

I ran into a nasty where I accidentally left the "move folder contents" enabled on the GPO for pictures folder redirection, and found it moved all my pictures from the network share, into a users local profile then deleted the original. This was down to folder redirection I'm afraid, I tested the same with my Video folder and it began moving it to the user folder. Folder redirection on shared folders should most definetly never be used. Only use it for folders that are one user specific, or use registry keys instead and leave the relevant entry not configured, much much easier.

I actually lost my entire photos directory cause of this, including a load of pictures of my late mother. Had a major panic attack when I realised what had happened. It moved them all into a user my pictures dir, which I deleted whilst clearing up, before realising it had done it. Luckily a deep scan recovery of a machine that had synced the folders (even though I'd cleared the cache with FormatDatabase), found most of them, and the rest I managed to deep scan from the RAID 6 array, and I was able to recover them all!

Never underestimate the power of Recuva and a deep scan, or windows GPOs ability to make life more complicated than it needs to be :).

Thanks to Rune for providing some useful input throughout this ordeal, and I hope people find some of this info useful. It certainly not a situation I've been able to find documentation on elsewhere.

0

This discussion has been inactive for over a year.

You may get a better answer to your question by starting a new discussion.